Filters








3,205 Hits in 6.3 sec

Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions

Marian Harbach, Sascha Fahl, Michael Brenner, Thomas Muders, Matthew Smith
2012 2012 Tenth Annual International Conference on Privacy, Security and Trust  
We achieve hidden policies, hidden credentials and even hidden access control decisions, so that the subject of an AC request only learns whether or not access was granted.  ...  In this paper, we present a detailed discussion of this rising problem including a concrete example and argue the need for the combination of hidden credentials, hidden policies and hidden decisions.  ...  In line with Hidden Policies (HP) and Hidden Credentials (HC), we call preventing the provider from learning the outcome Hidden Decisions (HD).  ... 
doi:10.1109/pst.2012.6297915 dblp:conf/pst/HarbachFBMS12 fatcat:crreqfmuzraqvjomxoge4b73hq

Opportunities and Challenges of CREDENTIAL [chapter]

Farzaneh Karegar, Christoph Striecks, Stephan Krenn, Felix Hörandner, Thomas Lorünser, Simone Fischer-Hübner
2016 IFIP Advances in Information and Communication Technology  
for providing us with his extra notes for the third focus group.  ...  In particular, we want to thank Anna Klughammar for her introductory presentation on the eHealth pilot, Charlotte Bäccman and John Sören Pettersson for moderating the second focus group, and Karl Koch  ...  with the following Hidden Access Control Policies (HACOT) technique.  ... 
doi:10.1007/978-3-319-55783-0_7 fatcat:d3bagxdtwndb3cjvzhj3wlziba

A Comprehensive Survey and Analysis on Access Control Schemes in Cloud Environment

P. G. Shynu, K. John Singh
2016 Cybernetics and Information Technologies  
As cloud computing supports multi-tenancy and has a various categories of users with different sets of security requirements, traditional access control models and policies cannot be used.  ...  This paper discusses on various access control models used for cloud environment and presents a detailed requirement analysis for developing an access control, specifically for the cloud.  ...  Also change of policies leads to re-encryption Suitable for small group by generating a group key 7 Towards privacy- preserving access control with hidden policies, hidden credentials  ... 
doi:10.1515/cait-2016-0002 fatcat:7c75l5s26fcatisua2knzpklfy

Privacy Enhancing Technologies: A Review [chapter]

John Argyrakis, Stefanos Gritzalis, Chris Kioulafas
2003 Lecture Notes in Computer Science  
PETs can be used to help with the following: privacy policy creation, use within decision making, and policy enforcement.  ...  Other work has focused on extension of access control and related privacy-enhanced policies.  ... 
doi:10.1007/10929179_51 fatcat:fx47fz4oazhqtm5atntgdck2ni

Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project

Claudio A. Ardagna, Jan Camenisch, Markulf Kohlweiss, Ronald Leenes, Gregory Neven, Bart Priem, Pierangela Samarati, Dieter Sommer, Mario Verdicchio, Jan Camenisch, Javier Lopez, Fabio Massacci (+2 others)
2010 Journal of Computer Security  
This paper describes two key elements of the PRIME identity management systems: anonymous credentials and policy languages that fully exploit the advanced functionality offered by anonymous credentials  ...  The EC-funded project PRIME (Privacy and Identity Management for Europe) envisions that individuals will be able to interact in this information society in a secure and safe way while retaining control  ...  The research leading to these results has received funding from the European Community's Sixth Framework Programme through project PRIME (IST-2002-507591) and from the Seventh Framework Programme through  ... 
doi:10.3233/jcs-2010-0367 fatcat:eth7vfjh4ng5vjsmvpwg4rsfau

Understanding Attribute-based Access Control for Modelling and Analysing Healthcare Professionals' Security Practices

Livinus Obiora Nweke, Prosper Yeng, Stephen D., Bian Yang
2020 International Journal of Advanced Computer Science and Applications  
Both EHRs and PHRs are critical assets that require access control mechanism to regulate the manner in which they are accessed.  ...  ABAC has demonstrated to be an efficient and effective approach for providing fine grained access control to these critical assets.  ...  Ray et al in [18] apply attribute based access control for preserving the privacy of PHR.  ... 
doi:10.14569/ijacsa.2020.0110286 fatcat:jyhz4qys4vazzesvyz6hb7bmeq

Preserving Privacy Based on Semantic Policy Tools

Lalana Kagal, Joseph Pato
2010 IEEE Security and Privacy  
This work was supported in part by the Air Force Office of Scientific Research (AFOSR) award FA9550-09-1-0152 and Intelligence Advanced Research Project Activity (IARPA) award number FA8750-07-2-0031.  ...  With normal access control mechanisms, a requester who is asking for several fields, including zip code and last name, from the Semantic privacy policies, justifications for data requests, and automated  ...  With the current push toward need-to-share, we suggest that alternative approaches are required that encourage honest consumers to comply with the data owners' privacy policies.  ... 
doi:10.1109/msp.2010.89 fatcat:264zo45tdvc2naiovcnpe6h3te

Point-Based Trust: Define How Much Privacy Is Worth [chapter]

Danfeng Yao, Keith B. Frikken, Mikhail J. Atallah, Roberto Tamassia
2006 Lecture Notes in Computer Science  
In turn, Alice values each of her credentials with a privacy score that indicates her reluctance to reveal that credential. Bob's valuation of credentials and his threshold are private.  ...  Specifically, Bob values each credential with a certain number of points, and requires a minimum total threshold of points before granting Alice access to a resource.  ...  Acknowledgements We would like to thank Nikos Triandopoulos, Seth Proctor, and Kimberly Perzel for helpful comments on an earlier version of the point-based trust management model, and Aris Anagnostopoulos  ... 
doi:10.1007/11935308_14 fatcat:6z65peo76vbwzdqlvsqpwtvhxy

AN NOVEL APPROACH TO PRIVACY MANAGEMENT SYSTEM

Mahi Maheswari
2009 International Journal of Management Innovation Systems  
In this system (arbitrarily complex) data are retrieved from standard data repositories, in such a way that parts of these data are obfuscated and associated with privacy preserving techniques.  ...  This paper addresses the problem of dealing with privacy management of confidential data stored by enterprises and other organizations.  ...  Privacy Preserving Techniques dealing with the enforcement of privacy policies.  ... 
doi:10.5296/ijmis.v1i1.37 fatcat:bbrfmbfk7bgrvprs647cwv5cse

Towards Secure Risk-Adaptable Access Control in Cloud Computing

Salasiah Abdullah, Khairul Azmi
2018 International Journal of Advanced Computer Science and Applications  
Therefore, the emergence of Risk-Adaptable Access Control (RAdAC) as a flexible medium in handling exceptional access request is a great countermeasure to deal with security and privacy challenges.  ...  Moreover, user awareness on the importance of cloud computing has increase the needs to safeguard the cloud by implementing access control that works on dynamic environment.  ...  In the future, we plan to develop a framework of risk based access control with hidden access policy and apply the concept in real cloud platform.  ... 
doi:10.14569/ijacsa.2018.091247 fatcat:wf2roy5emvawlllehniqcdpigm

Towards Secure Cloud Orchestration for Multi-Cloud Deployments

Nicolae Paladi, Antonis Michalas, Hai-Van Dang
2018 Proceedings of the 5th Workshop on CrossCloud Infrastructures & Platforms - CrossCloud'18  
Their role spans both vertically (deployment on infrastructure, platform, application and microservice levels) and horizontally (deployments from many distinct cloud resource providers).  ...  Cloud orchestration frameworks are commonly used to deploy and operate cloud infrastructure.  ...  Acknowledgments The research was conducted within the COLA project and received funding from the European Union's Horizon 2020 research and innovation programme under grant No 731574.  ... 
doi:10.1145/3195870.3195874 dblp:conf/eurosys/PaladiMD18 fatcat:qul32bkf4rfdnghqmnxyfzl5ga

Protecting and Managing Privacy Information in Video Surveillance Systems [chapter]

S.-C.S. Cheung, M.V. Venkatesh, J.K. Paruchuri, J. Zhao, T. Nguyen
2009 Protecting Privacy in Video Surveillance  
grant access to their privacy information. 8  ...  , a fast and effective video inpainting algorithm is applied to erase individuals' images as a means of privacy protection.  ...  Without jeopardizing the security of the organization, a flexible privacy data control system will become indispensable to handle complex privacy policy with large number of individuals to protect and  ... 
doi:10.1007/978-1-84882-301-3_2 fatcat:sa3p7mve5bflbdwenvrrfoofvq

PriMan: Facilitating the Development of Secure and Privacy-Preserving Applications [chapter]

Andreas Put, Italo Dacosta, Milica Milutinovic, Bart De Decker
2014 IFIP Advances in Information and Communication Technology  
In this paper, we present a flexible, technology agnostic development framework that facilitates the integration of security and privacy-preserving technologies into applications.  ...  Security and privacy are essential in today's informationdriven society.  ...  -We integrated privacy-preserving authentication policies with support for anonymous and traditional credentials (e.g., Idemix and X.509 certificates [7] ).  ... 
doi:10.1007/978-3-642-55415-5_34 fatcat:y72mz6l6fbf5zjzimhz56llgom

A survey on android security: development and deployment hindrance and best practices

Ratul Sikder, Md Shohel Khan, Md Shohrab Hossain, Wazir Zada Khan
2020 TELKOMNIKA (Telecommunication Computing Electronics and Control)  
We also discussed the historical development of Android OS and the end-users role to maintain privacy and to minimize security risks. This is an open access article under the CC BY-SA license.  ...  Vulnerabilities arise with respect to the increasing functionality of Android OS, impolitic app development practices of developers, end-user incautious and interestingly remediation for the vulnerabilities  ...  Along with Google, many other companies and researchers work on these issues and come up with several different decisions.  ... 
doi:10.12928/telkomnika.v18i1.13288 fatcat:ee6umxstcfe4tannpnrqia6qli

Privacy Design Strategies [article]

Jaap-Henk Hoepman
2013 arXiv   pre-print
Using current data protection legislation as point of departure we derive the following eight privacy design strategies: minimise, hide, separate, aggregate, inform, control, enforce, and demonstrate.  ...  The strategies also provide a useful classification of privacy design patterns and the underlying privacy enhancing technologies.  ...  Strategy #8: DEMONSTRATE The final strategy, DEMONSTRATE, requires a data controller to Be able to demonstrate compliance with the privacy policy and any applicable legal requirements.  ... 
arXiv:1210.6621v2 fatcat:n2x2nabhonh6hdr73z74sfwemm
« Previous Showing results 1 — 15 out of 3,205 results